DNS Open Source Tools Enhancement and Maintenance

By Keith Mitchell - DNS-OARC

2019 ARIN Community Grant Program Recipient Report

Overview

The Domain Name System Operations, Analysis, and Research Center (DNS-OARC) is a non-profit, membership organization that seeks to improve the security, stability, and understanding of the Internet’s DNS infrastructure. The ARIN Community Grant for the Open Source Tools and Enhancements Project has allowed DNS-OARC to develop, maintain, host and improve its suite of open-source tools for DNS measurement, telemetry and testing. This has enabled new releases of these tools, adding features, enhancements and bug fixes in response to requirements from the DNS community. It has additionally supported outreach to the DNS and operator community in support of these tools, and received recognition through collaborative development and additional grants being awarded for future enhancement of some of these tools.

Project Results

We have defined progress by new releases of our open-source tools for DNS measurement, telemetry and testing tools, adding features, enhancements and bug fixes in response to requirements from the DNS community. Below is a list of projects completed since the grant was awarded in August 2019 through July 2020.

  • Automated package building system
    • Made it simple for all package managers to update to the latest development version once built. It is now triggered automatically when building development and master branches of all our projects.
  • dnsperf and resperf
    • Releases added TCP and TLS support, improved error handling and various bug fixes.
    • During the grant year we developed five releases containing 257 commits, the latest being v2.3.4.
  • dnscap
    • Releases include all plugins for the Debian and Ubuntu packages, a new eventlog plugin, and added other functionality and fixed some bugs.
    • During the grant year we developed five releases containing 188 commits, the latest being v1.11.1.
  • dsc
    • Releases added support for receiving DNS messages over DNSTAP along with documentation updates, new configuration options, TLDs table updates and fixing bugs.
    • During the grant year we developed five releases containing 161 commits, the latest being v2.11.1.
  • dnsjit
    • Production release in July of 2020 for this Engine for capturing, parsing and statistics gathering of DNS messages.
    • During the grant year we developed one release containing 52 commits, the latest being v1.0.0.
  • PacketQ
    • Updated list of DNS resource types and worked on CI and packaging.
    • During the grant year we developed one release containing 15 commits, the latest being v1.4.2
  • Two NEW libraries
    • dnswire v0.1.1 – a C library for DNS encapsulations
    • tinyframe v0.1.0 – a minimalistic frame streams library
      • Both released, and tested to work on BIND9 and unbound. These are used to make DNSTAP support available in dsc.
  • DNS flag day 2020
    • We are supporting DNS flag day 2020 with a client side TCP tester. This community initiative will focus on operational and security problems caused by Internet Protocol packet fragmentation.
  • RPKI Support
    • RPKI support has been added to OARC’s “CheckMyDNS” tester.

Benefits to the Internet industry in the ARIN region

These open-source tools enable operators to better monitor and instrument their DNS infrastructure to manage and measure such things as IP address utilization across their networks. They will help support a more robust, efficient and secure Internet for their business and their users.

We have already had positive user feedback on multiple projects as organizations use these tools in their test and production environments. There is much involvement from the community with folks submitting issues, fixes and improvements, demonstrating significant community interest.

Our work was presented and demonstrated at the OARC31 and OARC32 workshops in Austin, TX and San Francisco, CA (co-located with NANOG) to ARIN region audiences during the grant period.

Furthermore, our ongoing maintenance work on dnsperf during the grant period has received recognition in the form of additional major grant funding to develop this software further, with a new engine for stateful connections, re-factoring, and DNS-over-HTTPS support. CZ.NIC selected OARC’s dnsjit tool as an important component of their open-source “DNS Shotgun” project, which has led to an ongoing technical collaboration to develop these.

For more information on our funding development, licensing policy, links to GitHub project pages, and mailing lists visit the DNS-OARC Software Development Page.

POST WRITTEN BY:

Keith Mitchell

DNS-OARC
Keith Mitchell is President of DNS-OARC. In 2012, Keith setup his own company, SMOTI Enterprises Inc., which contracts and contributes his leadership services to a number of Internet engineering nonprofits, including DNS-OARC and UKNOF. From 2008 until 2012 he served as VP of Systems Engineering at the Internet Systems Consortium, where he had responsibility for ISC's infrastructure and open-source software development. Prior to this at ISC he managed the OARC programme for DNS operators, returning in 2012 to serve as President of the now-autonomous nonprofit OARC Inc. He founded and has been Managing Director of the UK Network Operators Forum (UKNOF) since 2005.
Any views, positions, statements or opinions of a guest blog post are those of the author alone and do not represent those of ARIN. ARIN does not guarantee the accuracy, completeness or validity of any claims or statements, nor shall ARIN be liable for any representations, omissions or errors contained in a guest blog post.